#✅ - Amplify Storage Authorization


feral ocean
#

I am currently working on Amplify Storage and how to set up authorization for S3. In DynamoDB I can easily restrict the access to specific entities or fields by using the @auth command. Unfortunately, I found out that it is not that easy for S3.

My use case:
The app has an organizational structure, meaning a user is part of an organization, and inside the Cognito Custom Claims each user has an organizationID custom attribute. In S3 I want all users of an organization to have access to a bucket for the corresponding organization, e.g.:
S3://documents/{organizationID}/{fileName}

During my research I came across Presigned URLs, but I am not sure if this is the way to go with Amplify.

I also came across this GitHub issue, which is unfortunately closed without being answered even though it is referenced in the Amplify docs (second link at the bottom). Maybe a <@&705906736388898918> can reopen this issue:
https://github.com/aws-amplify/amplify-cli/issues/5652

https://docs.amplify.aws/lib/storage/download/q/platform/js/#file-access-levels

Looking forward to some help and somebody with a similar use case!


echo valve
#

Please don’t tag moderators.

feral ocean
#

Sorry, I misunderstood the post guidelines, as I thought the reopening of the GitHub issue concerns the moderators!

rapid bobcat
#

The only options in Amplify Studio are these ones.

warm basalt
#

@feral ocean, it's likely you'll need to configure the authorization settings for your S3 access via:

1.) The Amplify Studio UI as @rapid bobcat showed above

2.) Via group access controls/custom IAM Policies as seen here in the docs: https://docs.amplify.aws/cli/auth/groups/#group-access-controls

You can do this within the AWS Console by searching for IAM (Identity and Access Management), finding your User or Role that you want to grant/deny permissions, "add permissions" by creating an inline policy, then searching for S3 as the service.

From here (if using the visual editor) you can just select access levels and really fine tune what you're looking for.

short plinth
#

Hello, I'm adding images to an S3 bucket with the help of the Storage helper method, then I'm trying to showcase these images in the browser with Storage.get() or with the I ui-react component; however, I get a long URL with what looks like a permissions error

#

I went to the S3 bucket, selected one of the images, and changed the permissions as I want them to be public for everyone, but still

#

When I tried to open the image from the bucket, it seems to download something that is wrong. I thought it would be stored at some public URL; it is a PNG image.

short plinth
#

wondering if anyone can help 🙂

waxen nacelle
warm basalt
#

@short plinth, it looks like you're experiencing a slightly different issue than the original OP of this thread (correct me if I'm wrong though).

Did you DM the link to @waxen nacelle or get any clarity on it?

short plinth
#

Hello @warm basalt and @waxen nacelle (just getting back to work), I managed to solve it in the front end. I was using Storage.put incorrectly, my bad. Thanks very much for the response though.

quartz tokenBOT
#

✅ - Amplify Storage Authorization

#

Marked as solved.